We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

The GMC’s confidentiality guidance

The GMC’s new confidentiality guidance came into operation on 25 April 2017. Whilst the general principles remain largely unchanged, the new guidance does introduce some new themes and advice reflecting socio-medical trends.

The addition of the decision-making flowchart is a clear advantage, providing a practical tool to enable practitioners navigate the intricacies of their obligations. However, there are still some grey areas, and the Guidance emphasises the need for tailored professional advice in a variety of circumstances.

The Guidance restates the general principles underpinning the concept of patient confidentiality, building upon the traditional ‘Caldicott’ principles. The key changes include the addition of the flowchart, a clearer framework for when it is appropriate to disclose personal information and a new section setting out doctor’s responsibilities relating to managing and protecting patient’s confidential information.

The Guidance identifies three purposes/reasons for which patient information can be accessed and disclosed:

to support and facilitate the direct care of an individual patient

to protect patients and others

for secondary purposes.

Sharing information for direct care

There is an emphasis on the importance of information sharing between medical professionals involved in the direct care of a patient. Paragraph 26 states that ‘patients may be put at risk if those who provide their care do not have access to relevant, accurate and up-to-date information about them.’ This reflects the increasing focus on the need for cooperation and collaboration in the clinical care of patients, and a growing trend for multidisciplinary and multi-agency team work.

The Guidance elaborates on a doctor’s ability to rely on implied consent to share patient information for direct care, and supports an assumption that patient information will be shared with all those involved in the patient’s direct care unless the patient has specifically objected.

The Guidance confirms that explicit consent should be sought where possible and that patients should have the information available to enable them to object to disclosure. Although patients are given the opportunity to object, the guidance includes additional advice to practitioners about advising the patient of the consequences of their objection, with a view to reaching an appropriate compromise. The Guidance recognises that a patient with capacity has complete autonomy and their wishes, including their objections, must be respected even if this means the practitioner is unable to continue with treatment or referral (Paragraph 31).

There are new statements about the importance of the role of the patient’s family in support and care. Patient confidentiality should not be used as justification for not listening to the views of family close to the patient.

Sharing information to protect patients and others

The Guidance provides clearer information on the legal requirements to disclose information for adults who are at risk of serious harm. There is separate guidance dealing with confidentiality in the context of child protection.

Where adults lack capacity, the 2009 guidance permitted disclosure where patients are at risk of ‘physical, sexual or emotional abuse’. That has been broadened with the addition of the phrase ‘or any other kind of serious harm’. This also has the effect of extending the professional obligation to inform an appropriate authority in these circumstances.

Whilst emphasising that patients with capacity have the right to make their own decisions even if their decision may cause harm to themselves, the Guidance makes clear that this may be overridden if their decision will cause harm to others. A new endnote provides that in very exceptional circumstances, such as the prevention of a serious crime (murder, manslaughter or serious assault) disclosure may be justified but acknowledges that this is an uncertain area of law.

The list of circumstances in which patients may pose a risk of serious harm to others has been extended, with links to the other relevant explanatory notes. There is a clearer explanation of the legal requirements to disclose information. There is also a list of factors which practitioners should take into account when balancing the public interest in disclosing information and the public interest in keeping the information confidential.

The Guidance adds formal reviews, such as inquests, domestic homicide reviews, significant case reviews and case management reviews, to the section on responding to requests for information.

Sharing information for secondary purposes

This section concerns the use of information for purposes not directly related to the provision of health and social care but rather with disclosures for the administration of justice, and for purposes such as financial audit and insurance or benefits claims.

The information disclosed should be anonymised, and the Guidance provides a list of situations where practitioners can make disclosures of personal information without breaching the duty of confidentiality. The Guidance acknowledges that there are circumstances where disclosures may be permitted or required by statute or by the courts, and there is reference to disclosures made for secondary health and social care purposes. This edition provides additional Guidance on disclosures relating to the duty of candour and its interaction with confidentiality.

Managing and protecting information

This section of the Guidance is significantly expanded from the 2009 Guidance and relates to managing patient information and explains the importance of data protection within medical practice. Professional obligations are imposed on registrant’s in their role as employers in relation to information governance, and the Guidance expands the examples of circumstances in which patient privacy may be inappropriately breached within the healthcare setting.

The Guidance emphasises that the duty of confidentiality continues after death. The Guidance confirms that there are restricted circumstances where patient information can be disclosed without the duty of confidentiality being breached, including disclosure to a Coroner for an inquest, on death certificates and when disclosure is required by law. Circumstances where doctors should usually disclose patient information are identified as are factors to be taken into account when deciding whether to disclose information following a patient’s death.